The US arm of Canadian freight company Delmar International this week confirmed it notified and undisclosed number of people about a November 2024 data breach that compromised the following personal info:
- Name
- Social Security number
- Date of birth
- Home address
- Phone number
- Email address
- Payroll info
Ransomware gang Rhysida claimed responsibility for the attack. In a LinkedIn post, Delmar CEO Robert Cutler confirmed Rhysida was the attacker.
Rhysida demanded 20 bitcoin, worth about US$1.9 million at the time. To prove its claim, Rhysida posted images of what it says are documents stolen from Delmar. Cutler says Delmar refused to pay. As a result, Rhysida auctioned off the stolen data to the highest bidder.
“The criminals have finally become fed up and frustrated with our lack of cooperation and are currently auctioning our data. They want a minimum of 20 bitcoin for mostly dated information (roughly 3 million CAD) The authorities are informed and monitoring the situation and we remain defiant. We are fully operational globally and will become stronger as a result of these nasty morally corrupt people,” Cutler said. “Soon they will release my deceased mother’s passport and other personal information.”
The attack affected Delmar’s operations worldwide. It took the company about a week to restore most of its infected systems.
“Hackers continue to try to phish and impact our recovery. Registering many domains which try to mimic Delmar and our subsidiaries. Ransom has not and will not be paid. Not one dollar!!!!” Cutler said on LinkedIn.
Delmar did not say how attackers breached its network. Comparitech contacted the company for comment and will update this article if it responds.
Delmar is offering eligible victims two years of free credit monitoring via TransUnion.
Who is Rhysida?
Rhysida is a ransomware group that surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems.
Rhysida has claimed 67 confirmed ransomware attacks since it began posting targets to its leak site, compromising more than 4 million records. Its average ransom demand is $1.3 million.
Other recent Rhysida claims include confirmed attacks on schools like Vermilion Parish School System (LA), Granite School District (UT), and Rutherford County Schools (TN). American Addiction Centers just disclosed a September 2024 breach claimed by Rhysida.
Rhysida claimed another 91 unconfirmed attacks that weren’t acknowledged by targets.
Ransomware attacks on transportation
Ransomware attacks on transportation companies like Delmar can disrupt operations and cause shipping delays. The ransomware infects computers on the target network and locks them down until a ransom is paid for a key to unlock them. Ransomware can also steal data, which cybercriminals use to extort organizations for additional profit under threat of selling or publicly releasing private info.
Comparitech researchers recorded 35 confirmed ransomware attacks on transportation companies worldwide in 2024 so far.
In similar such attacks, Snatt Logistica, an Italian company hit by Black Basta ransomware in November 2024, spent three days restoring its systems and had to lay off workers for a week. Ransomware group 8Base attacked the Port of Rijeka in Croatia, but no ransom was paid.
About Delmar International
Delmar International is a freight forwarding and customs brokerage company based in Canada. It offers air, ocean, and ground freight logistics, distribution and warehousing. The company operates 55 offices across 17 countries, and employs more than 1,500 people.